CVE-2022-2266

University Library Automation System developed by Yordam Bilgi Teknolojileri before version 19.2 has an unauthenticated Reflected XSS vulnerability. This has been fixed in the version 19.2

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://www.usom.gov.tr/bildirim/tr-22-0637	Third Party Advisory
https://www.usom.gov.tr/bildirim/tr-22-0637	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:yordam:library_automation_system:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-09-22 09:15

Updated : 2024-11-21 07:00

NVD link : CVE-2022-2266

Mitre link : CVE-2022-2266

CVE.ORG link : CVE-2022-2266

JSON object : View

Products Affected

yordam

library_automation_system

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2022-2266", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "iletisim@usom.gov.tr", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2022-09-22T09:15:09.460", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-22-0637", "tags": ["Third Party Advisory"], "source": "iletisim@usom.gov.tr"}, {"url": "https://www.usom.gov.tr/bildirim/tr-22-0637", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "iletisim@usom.gov.tr", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "University Library Automation System developed by Yordam Bilgi Teknolojileri before version 19.2 has an unauthenticated Reflected XSS vulnerability. This has been fixed in the version 19.2"}, {"lang": "es", "value": "University Library Automation System desarrollado por Yordam Bilgi Teknolojileri versiones anteriores a 19.2, presenta una vulnerabilidad de tipo XSS reflejada no autenticada. Esto ha sido corregido en versi\u00f3n 19.2"}], "lastModified": "2024-11-21T07:00:39.043", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:yordam:library_automation_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F0FF895-915C-4964-8080-4E550939DB04", "versionEndExcluding": "19.2"}], "operator": "OR"}]}], "sourceIdentifier": "iletisim@usom.gov.tr"}